Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

identity/tokens: adds plugin issuer with openid-configuration and keys #24898

Merged
merged 4 commits into from
Jan 17, 2024
Merged

identity/tokens: adds plugin issuer with openid-configuration and keys #24898

merged 4 commits into from
Jan 17, 2024

Conversation

austingebauer
Copy link
Contributor

@austingebauer austingebauer commented Jan 17, 2024
edited
Loading

This PR adds an openid-configuration and keys API for a new plugin token issuer. The issuer will only be capable of internally issuing tokens to Vault plugins for workload identity federation exchanges.

The issuer will provide unauthenticated APIs with the following paths:

  • /v1/identity/oidc/plugins/.well-known/openid-configuration
  • /v1/identity/oidc/plugins/.well-known/keys

The approach makes the "plugins" segment above optional so that we can serve both the identity token issuer and plugin token issuer APIs using the same request handlers. I've called these "child" issuers, but I'm happy to consider a different name. It sets up the implementation for easily adding more child issuers if a use case ever comes up.

I ran all OIDC-related tests successfully using go test -run=TestOIDC. Documentation will be added in a follow-up PR.

@austingebauer austingebauer added this to the 1.16.0-rc1 milestone Jan 17, 2024
@austingebauer austingebauer requested a review from a team as a code owner January 17, 2024 04:56
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Jan 17, 2024
@github-actions GitHub Actions
Copy link

Build Results:
All builds succeeded! ✅

@github-actions GitHub Actions
Copy link

CI Results:
All Go tests succeeded! ✅

fairclothjm
fairclothjm approved these changes Jan 17, 2024
View reviewed changes
Copy link
Contributor

@fairclothjm fairclothjm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

vinay-gopalan
vinay-gopalan approved these changes Jan 17, 2024
View reviewed changes
Copy link
Contributor

@vinay-gopalan vinay-gopalan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Nice test coverage on the new additions 👍🏼

@austingebauer austingebauer merged commit fd92f2c into main Jan 17, 2024
110 checks passed
@austingebauer austingebauer deleted the identity/plugin-issuer branch January 17, 2024 21:22
austingebauer added a commit that referenced this pull request Jan 17, 2024
@austingebauer
identity/tokens: adds plugin issuer with openid-configuration and keys (
6f708cd 
#24898)

* identity/tokens: adds plugin issuer with openid-configuration and keys

* adds changelog

* typo in comment

* adds go doc to tests for linter
austingebauer added a commit that referenced this pull request Jan 29, 2024
@austingebauer
identity/tokens: adds plugin issuer with openid-configuration and keys (
63777ef 
#24898)

* identity/tokens: adds plugin issuer with openid-configuration and keys

* adds changelog

* typo in comment

* adds go doc to tests for linter
@vinay-gopalan vinay-gopalan mentioned this pull request Feb 15, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vinay-gopalan vinay-gopalan vinay-gopalan approved these changes

@fairclothjm fairclothjm fairclothjm approved these changes

@briankassouf briankassouf Awaiting requested review from briankassouf

@tomhjp tomhjp Awaiting requested review from tomhjp

Assignees
No one assigned
Labels
hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed
Projects
None yet
Milestone
1.16.0-rc1
Development

Successfully merging this pull request may close these issues.
3 participants
@austingebauer @fairclothjm @vinay-gopalan